The second Wednesday in October is one of the most important holidays we have since it impacts every single citizen in the world. National Stop Bullying Day is not only an awareness campaign about a crucial global issue, it is also one that impacts young and old, rich and poor, every race and nationality.

There was a time when bullying meant schoolyard taunts or some rude graffiti. Now, it encompasses horrific crimes like cyberbullying, including sextortion, doxxing, identity theft and account takeover.

The first step to stopping these and other cyberbullying problems is to understand when it is even happening. For too many people, especially parents of younger victims, the truth only emerges after something far more serious occurs. This guide contains more details, but some common signs include withdrawing emotionally, repeatedly missing school or work for no apparent reason, increased need for funds and dramatic behavior changes.

The organization Stomp Out Bullying has some great resources for this year’s important campaign, which can be found on their website. This article by the Cybercrime Support Network can also help. However, recognizing that cyberbullying is a very serious matter, one that can affect adults as well as young people, is the most important step anyone can take to avoiding this threat.

Stay Safe Online also offers a lot of helpful solutions, such as:

Be aware of the threat and who is at fault

Cyberbullying can encompass a lot of different behaviors, including identity theft. Knowing when you or someone else is being bullied online is important. An innocent person can be targeted by a hateful “keyboard commando,” but it is important to examine our own behaviors and make sure our interactions are positive and supportive, and do not lead to escalating behavior.

Keep a record

Too often, the issue escalates but the posts that began the problem get lost. Without evidence, there is little that schools or law enforcement can do to the offender. Screenshot and save these posts in order to provide proof so that action can be taken.

Talk, talk, talk

Without open, ongoing conversation about cyberbullying, many victims feel powerless to put a stop to it. Make sure to have numerous conversations with your family before and after allowing computers and devices in the home.

File a complaint when a problem is detected

It can feel like cyberbullying is a faceless crime, but it is actually not. Someone is behind it, whether it is a stranger or someone you know. Even if there is not much that can be done to prosecute an offender in a given situation, having a record of it with the police will be important if it escalates or involves identity theft.

Shut it down

A lot of people love their devices, and technology addiction is a recognized problem. However, when it comes to someone’s health and happiness, stopping the bullying is more important. You can start by blocking the offender on these platforms, but that might not be enough. It might mean avoiding a certain account or platform altogether, or simply creating a new account. That will be far healthier in the long run than enduring others’ abuse.

The single most important thing you can do if you or someone you know is being bullied online is to take it very seriously. There is no such thing as “harmless” insults in a world where anonymity combined with access to personal information affords perpetrators the ability to hurt people. Talk to the people you care about and provide support when it is needed.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

National Cybersecurity Awareness Month (NCSAM): Own It. Secure It. Protect It.

Are You Cyber-stressed?

New Study Shows Millennials are More Likely to Fall for Scams


Halloween is not the only celebration to look forward to at this time of year. Every October, the National Cybersecurity Alliance hosts a consumer-awareness event, National Cybersecurity Awareness Month, also known as #CyberAware month, based on protecting you from harm. This month-long celebration of digital security and privacy promotes safer connectivity, healthy device use and a better understanding of how to keep your identity and data from falling into the wrong hands.

This year’s theme is “Own It. Secure It. Protect It.” In other words, the tech public is being cautioned to take more of a sense of control over their own protection, starting with how they engage online.

#CyberAware month is dedicated to understanding how you can have ownership over your privacy and security, and StaySafeOnline has the following tips:

Never Click and Tell: Staying Safe on Social Media

Social media is one of the biggest pitfalls to our privacy, partly due to the way different platforms collect, store and sell information. However, a lot of users also have to take some of the blame for oversharing and not locking down their accounts.

Oversharing is when you tell too much about yourself online. It might be spreading around your full name, address, or email or giving away too many details about where you live or work. You might be revealing too much about your family members, even your children. Some users even give away too much information about their present locations, including the exact coordinates and street address.

Remember, strong privacy settings on all of your accounts can help keep others from seeing too much, but with shareable content, someone else might be able to get in. You do not have to tell all you know when you post, and you certainly do not have to post birthdates, locations, the names of your children’s schools and your maiden name if you have one. Guard that information and remember that all of those little details are pieces of your complete identity puzzle.

Update Privacy Settings

The privacy settings mentioned above determine who can see your posts and your profiles, and they also determine which of your friends can share your content. If you post a nice family photo of a relative’s birthday, depending on your privacy settings, one of your friends can innocently share it to their profile so that other family members can see it. From there, it can make the rounds and end up in a hacker’s inbox.

On some platforms, there are default settings that you have to manually adjust to your comfort level. On others, some of your posts are public and some can be kept private. It is important that you understand how each platform works and what your privacy settings are before you use them.

Keep Tabs on Your Apps

The apps you install on your devices and the accounts you establish online might be just another part of using technology, however they can also come back to haunt you. If you have reused your username and password on multiple apps and accounts, if you have connected your social media profiles to your apps in order to log in faster or if you have not updated your apps or accounts in a while—just to name a few of the potentially harmful problems—then you may not be protected.

Remember, hackers want information. They use that information to get even more information, and then they can go after bigger payoffs. It is important that you understand what you are installing, what accounts you are creating and how to protect them and when you must update these things in order to stay safe online.

National Cybersecurity Awareness Month is about welcoming fall and enjoying some spooky fun, but there is nothing fun about cybersecurity lapses. Take the time this NCSAM month to protect yourself and develop good habits that will keep you safe all year.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Zynga Data Breach Spells Trouble for 200 Million Users 

Steps to Take After Doordash Data Breach

10,000 Breaches Later: Top Five Retail Data Breaches


It is back to school time, or as many college students know of it, back to debt time. One of the many mounting costs associated with higher education is the price of textbooks. However, thanks to the internet, there many websites offering free and cheap digital versions of the real thing. Because of that, students should beware of malware hidden in eBooks.

As with other websites that offer premium content like first-run movies and new video games for little to no cost, there is a hidden threat: viruses and malware tucked inside the file. In some cases, you do not even get to download the content before the virus from the malware hidden in the eBook attacks your computer.

This used to be a simple issue: you steal some content, you take the risk. With more and more schools helping students cut costs by promoting the real digital versions of the required textbooks, you could accidentally infect your computer or the network with malware hidden in eBooks while trying to do the right thing.

In order to avoid malware hidden in eBooks, there are some important steps you can take.

Do not give in to the temptation to save a lot of money

The price of textbooks is a burden, but there are steps you can take to offset, reduce or avoid the cost that do not put you at risk. Some libraries keep copies of popular textbooks, and there are retailers who now offer textbook rentals for a fraction of the cost. You can even split the cost with a friend and share the book. With that said, trying to get it for free online is a recipe for a virus from malware hidden in an eBook, and that can end up costing you almost as much as the book would have cost.

If you are going digital, know the source

Digital textbooks are great. They are portable, often cheaper and can even include extras like additional resources and homework help. Make sure you are getting it from a trusted retailer or website and not a site that promises free or cheap eBooks.

This can also affect supplemental materials

There is nothing wrong with searching online for additional materials to help you study unless it is pirated content. However, this same threat can hide embedded in other kinds of course materials, too. Even if you are not stealing anything, downloading free study materials or essays could be a great way to spread some malware hidden in eBooks.

Keep your security software updated

Even if you would never download pirated content, that does not mean someone else on the network won’t. Your roommate, a student down the hall or someone in the campus computer lab. If you are all connected to the same network, you stand a chance of “catching” someone else’s infection. Keep your antivirus and antimalware software installed and up-to-date and remember to run a scan regularly to avoid malware hidden in eBooks.

If you are infected…

Remember that the goal of a lot of malware is to steal data from your device or lock the device until you pay the ransom. Change your passwords on important accounts regularly to avoid having your account access stolen and back up your important files to a cloud storage or external hard drive. That way, if you are infected with ransomware, your important documents are still accessible.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Back to School, Back to Scams

FAFSA and Student Loan Identity Theft

The Pros and Cons of Peer-to-Peer Payment Apps

The first case of AI fraud has been reported after a perpetrator created an audio clip of a company’s CEO and used it to inform someone else within the company to release funds to the scammers.

In the world of artificial intelligence, a “deepfake” is a completely fabricated audio or video clip in which someone’s real voice or image is used in a situation the person was never in. With relative ease, skilled computer designers and editors can often create videos of a famous person saying or doing things they have never done.

Now being called a “vishing” attack, also known as voice phishing, this AI fraud case involves the head of a German company who supposedly contacted the CEO of one of its UK branches and requested a transfer of funds, stating that they would be reimbursed. The UK employee complied, sending around $243,000 to an account in Hungary. The callers made a total of three calls to the UK company but were eventually refused. Fortunately, the company carries insurance against this kind of AI fraud crime and it was covered.

While the entire point of a deepfake is that it is very difficult to discern from the real thing, there are things consumers and businesses alike can do in order to protect themselves from AI fraud.

Never comply with any kind of sensitive request without prior authorization.

It does not matter if the request comes as an email, a text message or now an audio-based call. Simply take down the caller’s name and the instructions and then verify it with the individual using a known contact phone number or in person.

Establish a company coding system for sensitive requests.

Institute a policy that all money transfers, file sharing or other sensitive activity must include the company “code word” in the instructions. The code should be changed frequently to avoid any threat from hackers.

Make sure that this information is shared throughout the company.

One of the best ways to pull off a successful phishing attack is to target a lower-level employee. It is important to make sure that everyone in the company knows and follows the security protocols.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Yahoo Breach Settlement Proposed for $117.5 Million

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change 

Robocalls and What to do About Them 


If you are one of the millions of smartphone or tablet users in the U.S. who rely on their devices while traveling, there are little-known airport technology risks that can attack your identity. The convenience of available charging options and public connectivity tools can lead right back to hackers and identity thieves, but too many consumers are not aware of the danger.

Airport Charging Stations

You may have seen handy charging stations in places like airports or shopping malls. These stand-alone kiosks let you plug up your device for a quick battery boost while you wait. However, how do they work? Rather than simply being a typical electrical outlet, some of them actually have a computer housed inside the kiosk. When you plug in your device, you could be connecting it to that computer. If a hacker has tampered with either that computer or the provided charging cord, they could be stealing information from your device. That is a huge airport technology red flag.

Using Other Devices at the Airport

Other airport technology risks can arise from using convenience tablets in restaurants, especially those in airports. These tablets allow you to check your social media, place food orders, make a payment and shop and scan your boarding pass for check-in. However, when you enter your personal information or log into your accounts, you do not control where that information ends up or how it is used.

Skip the Convenience

It is handy to use a free charger cord and a kiosk, and it is nice to check your accounts over free public Wi-Fi while you wait for your food. With that said, the convenience does not outweigh the airport technology risks to your identifying information, social media profiles and sensitive accounts. Instead, carry your own cord and stick to regular wall outlets to charge your devices. Also, use your own secured devices to log into your accounts. If the Wi-Fi is not free, just wait until you are somewhere that it is safe to connect over your own devices.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

If you are one of the millions of consumers who use a voice-activated assistant in your home or through your smartphone, your personal data and activity may become more secure due to new data privacy regulations like the European Union’s GDPR and recent privacy-related legislation. Virtual assistants and chatbot tools will now have to tighten up their security to protect your information.

Siri, Alexa and Google Home are just a handful of the artificial intelligence tools that interact with live people every day. We rely on these devices for everything from looking up a phone number or a favorite song to controlling the utilities that power our homes. Because of that, they are fertile ground for hackers who are looking for private information or who seek to get a picture of our day-to-day activities. The amount of use they get is another reason AI data privacy is so important.

Even if you do not own or use a voice-activated virtual assistant, you have probably interacted with a chatbot online. You may not even know it. These tools use artificial intelligence to provide customer support for businesses. You may have visited a retailer’s website and found a “live chat” button to click or had a pop-up box open with the words, “Hi! How can I help you today?” on the screen. While some businesses still use human customer service reps to provide support, a growing number of companies are already relying on computers to carry on the conversation and solve any problems.

Some experts are already at work helping developers create privacy-compliant AI tools that still have enough room to be useful. If your virtual assistant cannot store your shopping or search history, for example, how will it help you find that great brand of coffee you tried? How will it know what songs or movies to recommend when you tell it to play something “upbeat?” This kind of data collection is what makes AI-driven tools useful and easy to operate, rather than forcing human users to repeat themselves with every interaction.

The first step for developers is to draft a clear policy on what information is collected from users. From there, it is important to store it securely for data privacy. Some states are already requiring chatbots to disclose that they are not actual people and to request permission to record or save the chat conversation. It is a good idea for businesses in every state to start working in that direction since these data privacy laws are already being put in place. On a more personal note, it is important that companies develop AI tools that incorporate the ability to respond accordingly if a minor initiates the interaction. This can prevent a toddler from renting a movie on Amazon or a teenager from asking for critical medical advice from a robot.

The most important step is to remember that technology and innovation are fluid. There is no such thing as a one-and-done law or regulation where privacy and tech intersect. Any data privacy policies or upgrades, especially where AI and chatbots are concerned, must be revisited frequently to ensure they are still complying with the law and protecting the public.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

Shutterbugs Beware! DSLR Ransomware Attack Targets Digital Cameras 


As cybercrimes go, ransomware might be one of the nastiest, which is why lots of attention is being brought to recent DSLR ransomware attacks. Using one of several different avenues of attack, a hacker infects a piece of technology with harmful software that locks up the device. The only way to unlock it and restore access is to pay the hacker’s ransom. What makes it so terrible is that it works. Too often, the victim pays the ransom in order to avoid the inconvenience and expense of losing control over their files and devices.

There are many great reasons to own a fancy digital camera, namely that photographers can take great pictures no matter how skilled or novice the user may be. Some of the newer ones are even easier to operate and enjoy than older digital cameras because the pictures can be sent to your computer, emailed to a friend or relative or uploaded to a print service over Wi-Fi without the need to download them with a cable. Just like you can text a friend a picture that you took with your phone, the newer, more capable digital cameras can transmit pictures.

However, that capability is where the vulnerability lies. Security researchers have uncovered malicious software that can be sent to your camera as part of a recent DSLR ransomware attack, such as over free hotel or airport Wi-Fi at a popular tourist spot. Once there, the hackers just have to alert you that all of your photos have been encrypted. The only way to unlock them is to pay the significant ransom.

There is an easy fix to prevent a DSLR ransomware attack, but you have to be aware of the threat first. If your camera allows, simply turn off the Wi-Fi in order to prevent it from accidentally connecting over these suspicious Wi-Fi options. As an added bonus, turning off the Wi-Fi in the camera’s settings except when you are actively using it to transmit your photos will save your battery life while you are using the camera.

It is worth noting that researchers were also able to encrypt someone else’s photos if they had already infected the user’s laptop. If you are plugging in your camera with a USB cable but a hacker has already infected your computer, they can still lock up your photos. Make sure your antivirus software is installed and up-to-date to avoid that threat in a DSLR ransomware attack. Also, camera manufacturers should now be working on security patches that block this vulnerability. That makes it just that much more important to download any software updates that they issue for your devices.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

On Wednesday, July 24, 2019, people could begin filing Equifax claims for the recent data breach settlement, which included filing an Equifax breach settlement claim for a minor. In 2017, Equifax, one of the three largest credit reporting agencies in the world, announced they suffered a data breach. More than 148 million consumers’ identities had been stolen. A settlement was reached in the class-action lawsuit filed with a federal court. As a result, Equifax launched its claims process to help anyone who may have been a victim, including minors.

If you were a minor affected by the Equifax breach settlement but are now over 18-years-old, you must file your own claim and can do it online.

If the minor is still under 18-years old, a parent or legal guardian can make a claim for Credit Monitoring Services on the child’s behalf. However, it must be filed manually and sent out via direct mail. If you file an Equifax breach settlement claim for a minor, you must provide documentation to prove you are the parent or legal guardian of that minor.

Credit Monitoring Services will allow parents to receive alerts when certain personal data appears on suspicious websites, alerts when the Social Security number is associated with new names or addresses or the creation of a consumer report at one or more of the three nationwide Consumer Reporting Agencies. Finally, the minor will receive Identity Restoration Services if their identity is compromised.

The parent or legal guardian can elect to enroll the minor in one-bureau credit monitoring services provided by Equifax that would begin after the Credit Monitoring Services expire for a period of up to 14 years. According to the Equifax breach settlement page, a minor can receive monitoring services as follows: alerts when data elements like Social Security number submitted for monitoring appear on suspicious websites, including underground websites, a file is created, locked, and then monitored and for minors with an Equifax credit file, their credit file is locked and then monitored. The Experian Credit Monitoring Services and the optional one-bureau credit monitoring provided by Equifax together will cover 18 years.

The parent or legal guardian filing an Equifax breach settlement claim for a minor must opt for the minor to receive the one-bureau services when submitting a claim for the Credit Monitoring Services, and the parent or legal guardian will be sent instructions for how to enroll in the one-bureau monitoring before the Credit Monitoring Services expire. The cost of these services will be paid separately by Equifax, not out of the Consumer Restitution Fund.

Before finding out what support your minor may be eligible for while filing an Equifax breach settlement claim for a minor, it is important to know whether or not their information was affected. The website for consumers concerned about the Equifax data breach settlement has a button that will provide that information for you.

Enter your minor’s last name and the last six digits of their Social Security number, and the site will tell you whether or not their data was compromised.

If you discover that your minor’s personal identifiable information (PII) was compromised, your next step is to choose whether or not to participate in the class action suit. Your minor may be eligible for credit monitoring, identity restoration if their information was fraudulently used and a partial refund if they had already been an Equifax credit monitoring customer.

If you decide to file an Equifax breach settlement claim for a minor, you must do so by January 22, 2020. If you wish to state that your minor is not participating, the deadline is November 19, 2019.

The Identity Theft Resource Center recommends you consider all of your minor’s personal circumstances and how the breach and any subsequent identity crime issues impacted your minor before submitting a claim. While the process of recovering after an identity theft incident is costly in time, personal impacts and financial ramifications, filing without thinking through all the possibilities or having all the supporting documentation could short-change your minor’s identity hygiene in the long-run. Potential issues that may arise could include the inability to get financial aid for college, approval for a first apartment or being able to get a loan for a first car.

After determining what kind of Equifax breach claim you need to file for your minor, you can either claim free credit monitoring for up to ten years or a cash payment of $125 if you already have credit monitoring that includes the minor’s social security number – such as a family credit monitoring service.

While filing an Equifax breach settlement claim for a minor, it is important to organize your minor’s case with dated notes, receipts and a summary. The free ID Theft Help App provides an electronic case log feature to track the details of the case.

Depending on the state you live in, credit freezes were not free to all American consumers prior to September 2018. If you decided to pay to freeze your minor’s credit prior to 2018, you could be reimbursed those expenses. NOTE: if you want to submit a credit freeze for a minor now, it must also be done manually. It cannot be done online.

Due to the breach occurring in May 2017, your minor could be reimbursed for costs, expenses or losses due to identity theft even though the breach was announced in September 2017.

Your minor is eligible for identity theft restoration services for the next seven years, regardless of if you decide you do not want them to take part in the class-action suit.

Whether or not your minor takes part in the suit, it is a good idea to place a freeze on their credit report. Remember, you can only do this manually with a minor. You cannot place a freeze online.

All of the documents, dates, claims process and FAQs can be found on the website that has been built to support Equifax claim. If you are not sure if your minor’s information has been affected, visit EquifaxBreachSettlement.Com.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Don’t Fall for Equifax Settlement Scams 

Capital One Data Breach – What To Do If You’re Impacted 

New Tool Helps Consumers Make Sense of Data Breaches

Ransomware attacks have risen steadily in the past few years to become a widespread, costly form of cybercrime. This attack, which happens when someone infects a computer or network with harmful software and demands payment to remove it, has hit every kind of industry and business and can affect companies and consumers alike.

The first problem with ransomware is there is no guarantee that paying the ransom will restore access to your files, hardware or network. It is a dangerous gamble, and while sometimes it pays off, other times the hacker refuses to unlock the access even after making off with your money.

Some industries seem to have more of a problem with ransomware than others. The healthcare industry has long been a favorite target. This could be attributed to the hefty fines and penalties that medical centers can face for allowing outsiders to infiltrate information that is protected by HIPAA laws. As history has shown, the ransom is often less than the fines would be, so the hospital attempts to pay up.

Cybercrimes like data breaches and computer scams have been known to come and go. However, with ransomware, there has been a very slight decrease. In fact, ransomware attacks and the financial losses associated with them have been steadily rising with no end in sight.

The city of La Porte, Indiana, just paid a Bitcoin ransom of $130,000 to restore access to their city’s network of computers. Without access, many city functions were at a standstill. Unfortunately, that amount is pocket change compared to some ransom demands. For example, Monroe College recently lost access to everything, including email, learning systems and grades, until the hackers receive $2 million in Bitcoin.

The FBI recommends against paying ransomware attackers, and the U.S. Conference of Mayors recently passed a resolution that tells cities they should not pay a ransom in these cases. However, it is ultimately up to the victims to decide how they are going to respond.

Fortunately, there are a few steps businesses and individuals can take to reduce the risk of harm from a ransomware attack:

Backup everything on your computer

If you store all of your important files like documents or photos in an external storage source, then the worst that happens is you have to buy a new computer. For businesses, that expense can be more significant, but usually not more than the ransom would cost. The stored files are put on the new computer, and the money you would have given to a criminal is instead spent on brand-new hardware.

Up-to-date cybersecurity software

Keeping your antivirus and anti-malware software updated and installed can go a long way towards preventing harmful software from infecting your computer or network in a ransomware attack. It is not going to stop every single threat, but if you regularly update your security software with the latest fixes sent to you by the developer, you will be protected from a lot of harmful software.

Never click unknown links or attachments

One of the easiest ways for ransomware to infect your computer is through a phishing attempt. When a hacker sends an email that says something like, “You won’t believe these photos I found,” or “Click here to get your free $100 Target gift card,” you may be installing the ransomware for the hackers.

With proper training and good habits, you can work to avoid ransomware. If an attack does occur, contact law enforcement and IT professionals if you need assistance.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

Payment apps like Venmo have become increasingly popular lately, for good reason. However, if users are not careful about how they use and secure their information the Venmo payment app, it can be a privacy pitfall.

Venmo Privacy

One concern is password strength. If you are reusing an old password, your app could be infiltrated by someone who then wipes your bank account clean. Some platforms also allow you to set up an optional PIN number in addition to your password, which can add another layer of security. However, as one security researcher reported, the way you are using your app could also put you at serious risk.

Venmo is one payment app that allows users to share their Venmo payments with the public. The company has stated there is a social element to using a payment app. You might have bought concert tickets, movie tickets or just gone out for pizza with your friends. This kind of behavior might be something you would already post on social media. Venmo allows you to keep your Venmo payments set to “public.” Anyone who opens the app can see the most recent Venmo payments, even if they do not know you.

Venmo Payment Scrape 

One researcher made a project of “scraping” this data. He used a program he wrote to compile the information and stored it in a database. For months, this researcher downloaded payments from specific IP addresses.

Researcher Dan Salmon was able to copy and store the usernames and IP addresses of the smartphones that were used. At first, it was simply to see if Venmo payment information could be accessed, but then he started to wonder what possible nefarious use a malicious hacker could have with it.

It turned out to be surprisingly easy to download a specific IP address’ most recent Venmo payments, compile them into a professional-looking email and then use those to target the customer with a phishing attack. If you were to receive an email that appeared to come from Venmo and included your most recent Venmo transactions, including the date, amount, purpose and the message you would have typed yourself, you might be more willing to comply with instructions in the email.

It is important to understand that everything this researcher did was legal and not difficult for someone with a little bit of know-how. It required some patience and dedication to the outcome, which is something that hackers and identity thieves seem to have in abundance.

Review Your Venmo App Settings

In order to protect themselves, consumers have to remember that their private business is just that, private. You would hopefully never run through a crowded shopping mall shouting, “I just bought a sweater with a check issued by First National Bank!” So why would you inform all of Venmo’s users that you bought pizza last Thursday, or that you paid your friend for some movie tickets? Remember to adopt an air of caution when it comes to sharing your personal details, especially online or on social media.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft